Sisters in Security: Katie Moussouris' Leaps of Faith

Katie Moussouris has been a hacker, a developer, and a penetration tester. She is curious and passionate about making a difference in the world. And she keeps finding new roles and new challenges.

Currently, Moussouris is the chief policy officer at HackerOne, where her chief role is promoting and legitimizing security research among organizations, legislators, and policy makers. A hacker explaining what hackers do and why it is important. That is a role that suits Moussouris perfectly.

She also serves as a subject matter expert for the U.S. National Body of the International Standards Organization (ISO) in vulnerability disclosure, secure development, and penetration testing as it applies to common criteria and vulnerability handling processes.

How did she get here? "I was open to learning," Moussouris tells me.

"The best career moves I've ever made were things I wasn't sure I wanted to do. I don't really know how this is going to turn out. I am just going to try it. A leap of faith," she says. When she decided to work with computers full-time, she became a system administrator, and learned a lot about penetration testing. When she wanted to build things, she moved to San Francisco and became a Linux developer.

"My general advice is, be brave. Take leaps, take risks; go out and try new things. Don't be afraid to bite off more than you can chew," Moussouris says.

Having "incredible mentors" also helped. These were people who showed an interest in her career and offered advice and encouragement. Many of them were former bosses.

Looking at the Past

Let's summarize her extensive biography, anyway: Up until this May, she led the Security Community Outreach and Strategy Team in the Microsoft Security Response Center. She launched Microsoft's bug bounty programs, organized the BlueHat conference, conducted security researcher outreach, and founded Microsoft Vulnerability Research. She was a member of @stake when it was acquired by Symantec 10 years ago, and while at Symantec, founded Symantec Vulnerability Research. She was a penetration tester for Fortune 500 companies, a systems administrator, and a code breaker.

Moussouris originally didn't plan on a career in information security. She thought about how she could make a difference, and "I decided I wanted to cure diseases." So off she went to school to study molecular biology and later worked at the bioinformatics lab at MIT on the Human Genome Project. Afterwards, she realized she liked working with computers better than lab work ("the wet stuff") and switched to become a system administrator.

"I have such a very strange past. I don't know if it is repeatable!" she says.

The story of how Moussouris got into programming is "the same way every guy and gal got into it: My mother bought me a Commodore 64." The computer came with Pac-Man, and when she got bored of the game, her mother handed her a book on BASIC which came with the computer. And she was hooked on programming.

"My mom RTFMed me!" Moussouris laughs.

Take Control of Your Career

It is easy to get derailed with tasks that take up time and energy that don't actually help advance your career, or get distracted with innocuous requests. "Assert yourself. Say, 'I am not your secretary/assistant.' Don't take on things that are not appropriate to your role," Moussouris advises.

She described one job where she was hired as a senior architect, but kept being assigned to work on training projects. Despite regularly volunteering for other roles—more in line with her title—she found that three months later, she was still training. "I had to assert myself and say, 'You didn't hire me as an architect to do training. You are going to let me do my job,'" Moussouris recalls.

"Security is results driven," she says, adding, "I can win them over with the results."

If you are concerned about your value and worth, "go take some training for a periscope view," Moussouris advises. Training classes show what you know, but more importantly, show what your peers are doing, she says. Look at the titles around the room and ask about their responsibilities. You can use this information—I have these skills, and someone else with the same skill set has a more senior role than I do—to negotiate.

"Don't be afraid to be assertive about the things you've done, and take credit for things you've done," Moussouris says. Men frequently say, "I did this," while women tend to say, "We did this." There is no problem with saying, "we," but it's better to be the first one to step forward and say, "We did this."

What She is Doing Now

"We actually have a lot of really amazing women in information security," Moussouris says. "It's important to highlight women who are out there doing things and achieving things, and have watering holes where women can exchange ideas and give each other advice. It's the old girls network that we never had."

Along with her new job at HackerOne, Moussouris is also one of the founding members of I am the Cavalry, a group of security researchers who want to make sure the technology permeating every aspect of our daily lives is safe. Computers are integral to modern society, in cars, medical devices, consumer electronics, and critical infrastructure. But they are also riddled with vulnerabilities. "We've been in our careers a long time now, and we were asking ourselves, 'What is our purpose in life? How can we make the world better for our kids?'" she says.

Years ago, she thought her purpose in life was to cure diseases. Now she is out to make technology safe, one piece at a time.
